PS3... Hacked again?

Sony is waking up to a new PlayStation 3 security nightmare after a day in which a brand new, PSN-enabled custom firmware was released for hacked consoles, swiftly followed up by publication of the console's LV0 decryption keys - which some say blows the system wide open.
We've been here before of course. Over two years ago, the first piracy-enabling firmware and USB dongle combo - PSJailbreak - was released, which exploited a weakness in the PS3's USB protocols, allowing for the system software to be patched in order to run copied software running from hard disk. This was followed up some time later by the release of tools from hacker group fail0verflow, which allowed users to encrypt files for the system in the same way that Sony does, allowing for a new wave of piracy. Geohot's public release of the "metldr" root key also added to the challenges facing Sony, resulting in a messy legal battle.

The firm's response - firmware 3.60 - plugged many of the holes, neatly working around the entire root key problem, and even with the release of the new custom firmware, any console running system software 3.60 or higher is effectively locked out. Only hacked consoles, or those still running 3.55 or lower can run the new code unless expensive, difficult-to-install hardware downgrade devices are utilised on older hardware. Despite the effectiveness of firmware 3.60, PS3 has still had to contend with piracy issues, notably the JB2/TrueBlue dongle, but this hack still locked consoles to 3.55 and stopped compromised consoles gaining access to PSN - until recently at least, where the "passphrase" security protocol protecting PSN was leaked, giving hacked consoles full access to the service.

The release of the new custom firmware - and the LV0 decryption keys in particular - poses serious issues. While Sony will almost certainly change the PSN passphrase once again in the upcoming 4.30 update, the reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever. Options Sony has in battling this leak are limited - every PS3 out there needs to be able to decrypt any firmware download package in order for the console to be updated (a 2006 launch PS3 can still update directly to the latest software). The release of the LV0 key allows for that to be achieved on PC, with the CoreOS and XMB files then re-encrypted using the existing 3.55 keys in order to be run on hacked consoles.

So just how did LV0 come to be released at all? The original hackers who first found the master key - calling themselves "The Three Tuskateers" - apparently sat on its discovery for some time. However, the information leaked and ended up being the means by which a new Chinese hacking outfit - dubbed "BlueDiskCFW" - planned to charge for and release new custom firmware updates. To stop these people profiteering from their work, the "Muskateers" released the LV0 key and within 24 hours, a free CFW update was released.

"You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now," a statement from the hacker group says.

But no, I don't think so. Question is, why would you keep that information on there again?

They made it a little less hackable though, didn't they?

Not sure. I just know that people at my work are always playing the latest hacked games on their PS3's (and 360's). They download all the PS3 games from a site and play them directly off the HDD. They already have the new Medal of Honor that came out today. Not sure how all that crap works, and I am not interested. There is one thing I know I am not good at, and that is computers, lol.

No matter what race you are or what you look like or your sexuality or where you come from, we are all the same people and we are all brothers & sisters so love each other & don't let anyone tell you any different.

Remember you can't choose what you are from birth but you can choose what you want to become.

Just because you haven't seen them doesn't mean they are not there we all got to have something to believe in.

I did a little more digging on this, and everyone might as well just say goodbye to the PS3. There isn't any way they can actually get around this one except on the 3k PS3 model. A lot of work still needs to be done, but basically, for the greatest majority of systems, Sony can't keep all their firmware from being decrypted without any effort...

As long as the entry barrier to a hacked system remains out of reach for an average or lesser user it's pointless to worry. The majority of systems are using current firmware and thus will have difficulty with hacks that allow it to play online games and as long as they're not screwing things for regular users it's not anything all that problematic. Besides, the 360 seems to have a higher level of hacked ISOs and cracked systems in the wild and MS doesn't seem all that panicked.

Closing Statement
This is the beginning of a very long and heavily scheduled future of the PS3 hacking scene. The release of the LV0 key means that any system update released by Sony going forward can be decrypted fully with no effort. Sony has no cards in this game. As of today LV0 is now decrypted for ever until the end of time. There is a lot of reverse engineering to get the decrypted loaders from it since Sony had changed a lot of security algorithms to protect these loaders inside LV0; however, rest assured every PS3 developer is hot on the news of everything going on. No one will be able to find 4.XX LV1, LV2_kernel, AppLDR keys inside the decrypted LV0 so there would need to be an investigation regarding how Sony store these keys right now.

Crazy. I just hope these hackers don't ruin online games for the community. Maybe Sony can implement a ban wave like Microsoft do from now on.
